A New Cryptosystem Based On Hidden Order Groups

Let $G_1$ be a cyclic multiplicative group of order $n$. It is known that the Diffie-Hellman problem is random self-reducible in $G_1$ with respect to a fixed generator $g$ if $\phi(n)$ is known. That is, given $g, g^x\in G_1$ and having oracle access to a `Diffie-Hellman Problem' solver with fixed generator $g$, it is possible to compute $g^{1/x} \in G_1$ in polynomial time (see theorem 3.2). On the other hand, it is not known if such a reduction exists when $\phi(n)$ is unknown (see conjuncture 3.1). We exploit this ``gap'' to construct a cryptosystem based on hidden order groups and present a practical implementation of a novel cryptographic primitive called an \emph{Oracle Strong Associative One-Way Function} (O-SAOWF). O-SAOWFs have applications in multiparty protocols. We demonstrate this by presenting a key agreement protocol for dynamic ad-hoc groups.Comment: removed examples for multiparty key agreement and join protocols, since they are redundan

Neural Signatures of Intransitive Preferences

It is often assumed that decisions are made by rank-ordering and thus comparing the available choice options based on their subjective values. Rank-ordering requires that the alternatives’ subjective values are mentally represented at least on an ordinal scale. Because one alternative cannot be at the same time better and worse than another alternative, choices should satisfy transitivity (if alternative A is preferred over B, and B is preferred over C, A should be preferred over C). Yet, individuals often demonstrate striking violations of transitivity (preferring C over A). We used functional magnetic resonance imaging to study the neural correlates of intransitive choices between gambles varying in magnitude and probability of financial gains. Behavioral intransitivities were common. They occurred because participants did not evaluate the gambles independently, but in comparison with the alternative gamble presented. Neural value signals in prefrontal and parietal cortex were not ordinal-scaled and transitive, but reflected fluctuations in the gambles’ local, pairing-dependent preference-ranks. Detailed behavioral analysis of gamble preferences showed that, depending on the difference in the offered gambles’ attributes, participants gave variable priority to magnitude or probability and thus shifted between preferring richer or safer gambles. The variable, context-dependent priority given to magnitude and probability was tracked by insula (magnitude) and posterior cingulate (probability). Their activation-balance may reflect the individual decision rules leading to intransitivities. Thus, the phenomenon of intransitivity is reflected in the organization of the neural systems involved in risky decision-making

Multiparty Non-Interactive Key Exchange and More From Isogenies on Elliptic Curves

We describe a framework for constructing an efficient non-interactive key exchange (NIKE) protocol for n parties for any n ≥ 2. Our approach is based on the problem of computing isogenies between isogenous elliptic curves, which is believed to be difficult. We do not obtain a working protocol because of a missing step that is currently an open mathematical problem. What we need to complete our protocol is an efficient algorithm that takes as input an abelian variety presented as a product of isogenous elliptic curves, and outputs an isomorphism invariant of the abelian variety. Our framework builds a cryptographic invariant map, which is a new primitive closely related to a cryptographic multilinear map, but whose range does not necessarily have a group structure. Nevertheless, we show that a cryptographic invariant map can be used to build several cryptographic primitives, including NIKE, that were previously constructed from multilinear maps and indistinguishability obfuscation